On Tue, 1 Dec 1998, Arjan de Vet wrote:
> When grepping for 'sprintf' I still find one occurance in lib/rfc1738.c,
> none in src/*.c and lots of them in snmplib/*.c.
>
> strcpy is still present in a lot of files, although at many places xstrncpy
> is already used.
>
> These are not the only two functions of course which can introduce buffer
> overflows but replacing them with snprintf and strncpy everywhere would be a
> good start I think...
True. However, technically, just the presence of those function calls does
not imply buffer overflows. And visa versa, one can create an overflow
condition by improper use of snprintf and alike.
Alex.
Received on Tue Dec 01 1998 - 00:48:17 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:43:32 MST